K
Keith Thompson
CBFalconer said:I claim that calloc didn't really succeed. It just converted the
total size requested using the usual unsigned conversions. It
returned a pointer to a physical object, which was NOT (SIZE_MAX *
2) big. It can't be, since no object can exceed SIZE_MAX. THIS IS
NOT A TYPE. THIS calloc IS FAULTY.
You misunderstood my example. In my hypothetical implementation,
calloc() *did* succeed. It returned a pointer to an object whose size
exceeds SIZE_MAX bytes.
You assert that "no object can exceed SIZE_MAX". I see no *direct*
statement of this in the standard. If there is one, surely you can
provide a citation. (You don't get to just make up rules like this.)
However, Harald van D?k (sorry, I can't type his name properly in my
current environment) presented an interesting indirect argument
involving the strlen() function. It's in this thread; since you and I
use the same news server I'm sure you can access it.
[...]
I believe (but may be wrong) that somewhere the standard specifies
that the action of calloc is to call malloc, and then initialize
the result.
Yes, you're wrong. Since we're discussion subtleties in the wording
of the standard, I'm surprised you didn't just look it up.
C99 7.30.3.1:
The *calloc* function allocates space for an array of *nmemb* objects,
each of whose size is *size*. The space is initialized to all bits
zero.
...
The *calloc* function returns either a null pointer or a pointer
to the allocated space.
(I've added '*'s to denote boldface.)